Why are clients so weak?
Client-focused attacks span several of the OWASP 2013 and 2017's Top 10 Threat categories. Client-side attacks using DOM-based Cross Site Scripting (XSS) are a powerful method of leveraging weaknesses in validation to embed scripts into web responses and inserting code into clients. The client-focused, DOM-based XSS can deliver code to the clients to effect compromises made on web applications, but there is a variety of vulnerabilities that hackers will exploit to reach and impact clients, such as a unvalidated redirects and forwards, websockets attacks, or clickjacking. A third category in both the 2013 and 2017 versions of the OWASP Top 10 is a vulnerability to Cross-Site Request Forgery (CSRF), which leverages ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access